Resolve a small handful of size_t truncation warnings.
This is very far from all of it, but I did some easy ones before I got
bored. Snapshot the progress until someone else wants to continue this.
BUG=22
Change-Id: I2609e9766d883a273e53e01a75a4b1d4700e2436
Reviewed-on: https://boringssl-review.googlesource.com/9132
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/base64/base64.c b/crypto/base64/base64.c
index 0763a3e..a74c3f5 100644
--- a/crypto/base64/base64.c
+++ b/crypto/base64/base64.c
@@ -111,7 +111,7 @@
if (sizeof(ctx->data) - ctx->data_used > in_len) {
memcpy(&ctx->data[ctx->data_used], in, in_len);
- ctx->data_used += in_len;
+ ctx->data_used += (unsigned)in_len;
return;
}
@@ -152,14 +152,14 @@
memcpy(ctx->data, in, in_len);
}
- ctx->data_used = in_len;
+ ctx->data_used = (unsigned)in_len;
if (total > INT_MAX) {
/* We cannot signal an error, but we can at least avoid making *out_len
* negative. */
total = 0;
}
- *out_len = total;
+ *out_len = (int)total;
}
void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len) {
@@ -172,7 +172,11 @@
out[encoded++] = '\n';
out[encoded] = '\0';
ctx->data_used = 0;
- *out_len = encoded;
+
+ /* ctx->data_used is bounded by sizeof(ctx->data), so this does not
+ * overflow. */
+ assert(encoded <= INT_MAX);
+ *out_len = (int)encoded;
}
size_t EVP_EncodeBlock(uint8_t *dst, const uint8_t *src, size_t src_len) {
@@ -344,7 +348,7 @@
*out_len = 0;
return -1;
}
- *out_len = bytes_out;
+ *out_len = (int)bytes_out;
if (ctx->eof_seen) {
return 0;
@@ -434,5 +438,5 @@
}
assert(dst_len <= INT_MAX);
- return dst_len;
+ return (int)dst_len;
}
diff --git a/crypto/bytestring/cbb.c b/crypto/bytestring/cbb.c
index ff2bc36..0672904 100644
--- a/crypto/bytestring/cbb.c
+++ b/crypto/bytestring/cbb.c
@@ -221,7 +221,7 @@
/* For ASN.1 we assume that we'll only need a single byte for the length.
* If that turned out to be incorrect, we have to move the contents along
* in order to make space. */
- size_t len_len;
+ uint8_t len_len;
uint8_t initial_length_byte;
assert (cbb->child->pending_len_len == 1);
@@ -243,7 +243,7 @@
initial_length_byte = 0x80 | 1;
} else {
len_len = 1;
- initial_length_byte = len;
+ initial_length_byte = (uint8_t)len;
len = 0;
}
@@ -262,7 +262,7 @@
for (i = cbb->child->pending_len_len - 1; i < cbb->child->pending_len_len;
i--) {
- cbb->base->buf[cbb->child->offset + i] = len;
+ cbb->base->buf[cbb->child->offset + i] = (uint8_t)len;
len >>= 8;
}
if (len != 0) {
@@ -292,7 +292,7 @@
}
static int cbb_add_length_prefixed(CBB *cbb, CBB *out_contents,
- size_t len_len) {
+ uint8_t len_len) {
uint8_t *prefix_bytes;
if (!CBB_flush(cbb)) {
diff --git a/crypto/cipher/e_ssl3.c b/crypto/cipher/e_ssl3.c
index 7dddf24..19d65a9 100644
--- a/crypto/cipher/e_ssl3.c
+++ b/crypto/cipher/e_ssl3.c
@@ -263,10 +263,10 @@
total += len;
assert(total == in_len);
- /* Remove CBC padding and MAC. This would normally be timing-sensitive, but SSLv3 CBC
- * ciphers are already broken. Support will be removed eventually.
+ /* Remove CBC padding and MAC. This would normally be timing-sensitive, but
+ * SSLv3 CBC ciphers are already broken. Support will be removed eventually.
* https://www.openssl.org/~bodo/ssl-poodle.pdf */
- unsigned data_len;
+ size_t data_len;
if (EVP_CIPHER_CTX_mode(&ssl3_ctx->cipher_ctx) == EVP_CIPH_CBC_MODE) {
unsigned padding_length = out[total - 1];
if (total < padding_length + 1 + mac_len) {
diff --git a/crypto/ecdh/ecdh.c b/crypto/ecdh/ecdh.c
index 4a1964a..37a67b2 100644
--- a/crypto/ecdh/ecdh.c
+++ b/crypto/ecdh/ecdh.c
@@ -66,6 +66,7 @@
#include <openssl/ecdh.h>
+#include <limits.h>
#include <string.h>
#include <openssl/bn.h>
@@ -142,7 +143,12 @@
memcpy(out, buf, outlen);
}
- ret = outlen;
+ if (outlen > INT_MAX) {
+ OPENSSL_PUT_ERROR(ECDH, ERR_R_OVERFLOW);
+ goto err;
+ }
+
+ ret = (int)outlen;
err:
OPENSSL_free(buf);
diff --git a/crypto/obj/obj.c b/crypto/obj/obj.c
index 16d964c..65366eb 100644
--- a/crypto/obj/obj.c
+++ b/crypto/obj/obj.c
@@ -215,10 +215,14 @@
}
int OBJ_cbs2nid(const CBS *cbs) {
+ if (CBS_len(cbs) > INT_MAX) {
+ return NID_undef;
+ }
+
ASN1_OBJECT obj;
memset(&obj, 0, sizeof(obj));
obj.data = CBS_data(cbs);
- obj.length = CBS_len(cbs);
+ obj.length = (int)CBS_len(cbs);
return OBJ_obj2nid(&obj);
}
diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c
index dc2d6a6..5e36802 100644
--- a/crypto/poly1305/poly1305.c
+++ b/crypto/poly1305/poly1305.c
@@ -217,9 +217,9 @@
#endif
if (state->buf_used) {
- unsigned int todo = 16 - state->buf_used;
+ unsigned todo = 16 - state->buf_used;
if (todo > in_len) {
- todo = in_len;
+ todo = (unsigned)in_len;
}
for (i = 0; i < todo; i++) {
state->buf[state->buf_used + i] = in[i];
@@ -245,7 +245,7 @@
for (i = 0; i < in_len; i++) {
state->buf[i] = in[i];
}
- state->buf_used = in_len;
+ state->buf_used = (unsigned)in_len;
}
}
diff --git a/crypto/rand/windows.c b/crypto/rand/windows.c
index de9f4d9..07e7dd8 100644
--- a/crypto/rand/windows.c
+++ b/crypto/rand/windows.c
@@ -39,7 +39,7 @@
while (requested > 0) {
ULONG output_bytes_this_pass = ULONG_MAX;
if (requested < output_bytes_this_pass) {
- output_bytes_this_pass = requested;
+ output_bytes_this_pass = (ULONG)requested;
}
if (RtlGenRandom(out, output_bytes_this_pass) == FALSE) {
abort();
diff --git a/include/openssl/stack.h b/include/openssl/stack.h
index 16b9f4f..6f53b0a 100644
--- a/include/openssl/stack.h
+++ b/include/openssl/stack.h
@@ -100,7 +100,7 @@
void **data;
/* sorted is non-zero if the values pointed to by |data| are in ascending
* order, based on |comp|. */
- size_t sorted;
+ int sorted;
/* num_alloc contains the number of pointers allocated in the buffer pointed
* to by |data|, which may be larger than |num|. */
size_t num_alloc;